Security researcher stumbles across embassy e-mail log-ins

Some diplomats aren't too careful with their login credentials. A Swedish …

Security consultant Dan Egerstad has managed to snag usernames and passwords for over 100 e-mail accounts belonging to embassy employees around the world. According to Computer Sweden, which was able to check that some of the data was accurate, the embassies affected include India, Russia, Uzbekistan, Kazakhstan, and Iran, along with a British office in Nepal.

Egerstad said he found the data inadvertently after some security-related research. "I did some experimentation and came across the information accidentally," Egerstad told Computer Sweden.

Of the embassies affected, only Russia has yet to own up to the problem. Roman Mironov, the head secretary at the Russian embassy in Stockholm, told a Swedish television station that the information is accurate but no longer relevant since the login information has been changed. The Indian embassy refused Computer Sweden's requests for comment.

Computer Sweden says that it has confirmed other aspects of Egerstad's account without trying to log into any of the compromised accounts, but it has decided against naming or linking to the web site where the data was posted.

Given that the data obtained appears to be confined to e-mail login information, the potential for damage appears to be limited. Egerstad hopes that his finding the data proves to be an eye-opening experience for the embassy staff. "I hope this leads them to take action," Egerstad told Computer Sweden. "And I hope they become a bit more aware of security issues."